Schneier on Security

JULY 24, 2019

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. EDITED TO ADD: More news articles.

Encryption 279

Encryption Telecommunications Risk Government 279

Graham Cluley

OCTOBER 17, 2024

Read more in my article on the Tripwire State of Security blog. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 114

Ransomware Encryption Healthcare Data breaches 114

Joseph Steinberg

DECEMBER 20, 2021

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon. While quantum computers already exist, no devices are believed to yet exist that are anywhere near powerful enough to crack modern encryption in short order.

Encryption 246

Encryption Artificial Intelligence Technology Risk 246

SecureWorld News

DECEMBER 8, 2024

Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors.

Encryption 116

Encryption Firewall Education Firmware 116

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 360

Surveillance Encryption Wireless Government 360

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 121

Malware Ransomware Encryption Phishing 121

Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. The company even noted.

Encryption 139

Encryption Manufacturing Mobile Government 139

eSecurity Planet

MAY 25, 2022

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms.

Encryption 138

Encryption Computers and Electronics Password Management Passwords 138

Schneier on Security

DECEMBER 26, 2022

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

Passwords 292

Passwords Encryption Backups Password Management 292

Schneier on Security

OCTOBER 15, 2021

The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. Even before Apple made its announcement , law enforcement shifted their battle for backdoors to client-side scanning. See also this analysis of the law and politics of this from last year.

Risk 351

Risk Encryption 351

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption 111

Encryption Passwords Authentication Password Management 111

Schneier on Security

MARCH 30, 2021

From a news article : The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). This is a sophisticated piece of malware.

Malware 334

Malware Manufacturing Encryption Government 334

Joseph Steinberg

OCTOBER 21, 2022

Today, October 21, marks the first ever organized Global Encryption Day, dedicated to spreading awareness of the importance of utilizing encryption to protect sensitive information, both when it is in transit (e.g., online chat messages going over the Internet between you and your significant other) and when it is at rest (e.g.,

Encryption 130

Encryption Government Artificial Intelligence Surveillance 130

Schneier on Security

NOVEMBER 22, 2019

The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network.

Encryption 268

Encryption Risk 268

Graham Cluley

DECEMBER 7, 2023

Meta's Head of Messenger announced that the company has begun to roll out end-to-end encryption (E2EE) for personal chats and calls. Read more in my article on the Hot for Security blog.

Encryption 116

Encryption 116

CSO Magazine

DECEMBER 14, 2022

A new ransomware group dubbed Royal that formed earlier this year has significantly ramped up its operations over the past few months and developed its own custom ransomware program that allows attackers to perform flexible and fast file encryption. To read this article in full, please click here

Encryption 120

Encryption Ransomware 120

Schneier on Security

SEPTEMBER 7, 2022

This article makes LockBit sound like a legitimate organization: The DDoS attack last weekend that put a temporary stop to leaking Entrust data was seen as an opportunity to explore the triple extortion tactic to apply more pressure on victims to pay a ransom.

Ransomware 244

Ransomware DDOS Encryption 244

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption 116

Encryption Passwords IoT Firewall 116

Trend Micro

APRIL 23, 2023

We also noted more sophisticated encryption and basic anti-analysis techniques, such as byte remapping and web browser communication blocking.

Encryption 123

Encryption Cryptocurrency Cyber threats Malware 123

Schneier on Security

JULY 3, 2020

Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. Lots of details about the hack in the article. Many more news articles. Well worth reading in full.

Hacking 279

Hacking Telecommunications Encryption Firewall 279

Schneier on Security

DECEMBER 21, 2020

News article. Cellebrite announced that it can break Signal. Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.). Slashdot post. The whole story is puzzling.

Encryption 359

Encryption 359

Schneier on Security

JULY 26, 2023

Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping. The TETRA security standards have been specified together with national security agencies and are designed for and subject to export control regulations which determine the strength of the encryption.”

Telecommunications 246

Telecommunications Encryption Technology Software 246

Joseph Steinberg

OCTOBER 4, 2023

While some messaging systems now offer end-to-end encryption that prevents the providers of such services from decrypting messages , metadata – including who communicated with whom and when and where – is still available to governments. Of course, no encryption method is perfect.

Encryption 221

Encryption Artificial Intelligence Government Media 221

Schneier on Security

MAY 5, 2022

HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection. News article. .” While this isn’t the largest application-layer attack we’ve seen , it is the largest we’ve seen over HTTP S. No word on motive.

DDOS 243

DDOS Encryption Cryptocurrency 243

SecureWorld News

NOVEMBER 1, 2023

In this article, I will attempt to unravel the intertwined threads of AI, confidential computing, quantum cryptography, homomorphic encryption, and the pivotal role of cloud security services. Homomorphic encryption: the middle ground?

Encryption 102

Encryption Artificial Intelligence Big data Technology 102

Schneier on Security

MARCH 31, 2024

I know I was at the Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography down from the shelf, I see his name in the acknowledgments. And he said yes. Which means I mailed him a paper copy.

Surveillance 344

Surveillance Engineering Encryption Government 344

Joseph Steinberg

APRIL 6, 2021

Ransomware comes in multiple flavors – sometimes involving far more than just the unauthorized encryption of data. This is true even in cases in which the infected devices themselves cannot have their data encrypted or stolen by the ransomware.

Ransomware 352

Ransomware Computers and Electronics Backups Artificial Intelligence 352

Schneier on Security

NOVEMBER 23, 2020

Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been achieved, based on a recently published paper. But but, consider fully homomorphic encryption.

Encryption 263

Encryption 263

Schneier on Security

MAY 12, 2020

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data. Intel responds.

Firmware 270

Firmware Manufacturing Encryption Hacking 270

Schneier on Security

SEPTEMBER 17, 2020

Another article : Patches are not immediately available at the time of writing.

Authentication 363

Authentication Social Engineering Firmware Engineering 363

Schneier on Security

JANUARY 24, 2020

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video.".

Hacking 269

Hacking Backups Spyware Encryption 269

Schneier on Security

APRIL 5, 2019

A recent article overhyped the release of EverCrypt , a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of "snake-oil" alarm bells. The author's Github README is more measured and accurate, and illustrates what a cool project this really is.

Encryption 265

Encryption Hacking 265

Graham Cluley

MARCH 6, 2024

Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence , as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my article on the Hot for Security blog.

Encryption 102

Encryption Hacking Information Security Software 102

Joseph Steinberg

JANUARY 4, 2023

Zero Trust is a term that is often misunderstood and misused, which is why I wrote an article not long ago entitled Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean. Because the attacker may be listening to the data moving across the network, all traffic must be encrypted.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Schneier on Security

APRIL 5, 2022

Another article claims that both Apple and Facebook (or Meta, or whatever they want to be called now) fell for this scam. But imagine how this kind of thing could be abused with a law enforcement encryption backdoor. The “credentials” are even more insecure than we could have imagined: access to an email address.

Scams 323

Scams Engineering Encryption Technology 323

Schneier on Security

AUGUST 4, 2022

News article. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently ran by NIST, in about one hour on a single core.

Encryption 306

Encryption 306

Schneier on Security

MARCH 22, 2019

News article. GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet.

Internet 246

Internet Internet Encryption 246